Risk Management Policy

Download PDF

1. Purpose 
The purpose of this Risk Management Policy and supporting processes is to outline our commitment to  identifying, assessing, managing, and monitoring risks that could potentially; impact Camira’s ability to  achieve its objectives and keep employees and customers safe, to reduce costs and to support a continuous  improvement culture which sustains a resilient, growing business. Risk Management in Camira;
• Creates and protects value
• Is based on the best available information
• Is an integral part of all organisational processes 
• Takes human and cultural factors into account 
• Is part of day to day decision making 
• Is transparent and inclusive 
• Explicitly addresses uncertainty 
• Is dynamic, iterative and responsive to change 
• Is systematic, tailored, structured and timely
• Facilitates continual improvement

2. Strategy
Camira’s Risk Management System is based on the principles and guidelines of ISO 31000 and is designed to support Camira’s Risk Management Strategy.

A risk management framework provides the foundations and arrangements and assists in managing risks  effectively through the application of the Risk Management Process at varying levels and within specific Risk Context. The framework ensures that information about risk derived from the risk management process is adequately reported and used as a basis for decision making and accountability at all Group entities within Scope. 

3. Risk Management Process
Camira’s risk management process has been designed to apply organisational policies, procedures and practices to the activities of communicating, consulting, contextualising, identifying, analysing, evaluating, treating, monitoring and reviewing risk.

Effective and efficient integration of the risk management process into Camira’s practices and operational  processes is essential for ensuring that the risk management process is part of, and not separate from, day  to day decision making. In particular, Camira has focussed on ensuring risk management is embedded into  the policy development, business and strategic planning and review, and change management processes.

• Identification - Identify potential risks through regular assessments, audits, and feedback from employees and stakeholders.
• Assessment - Evaluate the likelihood and impact of identified risks using a standardised risk assessment matrix.
• Control - Develop and implement strategies to mitigate identified risks. This may include avoiding, transferring, reducing, or accepting the risk.
• Monitoring and Review - Continuously monitor and review risks and the effectiveness of risk management strategies. Update the risk management plan as necessary.

4. Roles and Responsibilities
Camira’s Board of Directors accepts full accountability for defining Camira’s risks, controls and risk treatment tasks.

Designated risk managers and owners are appointed based on their appropriate level of seniority, skills and experience, and are provided with adequate authority, time, training, resources and skills to assume responsibility for monitoring risks, checking and improving controls and effectively communicating risks to relevant stakeholders. Risk managers and owners responsibilities are recorded in job descriptions and on a Risk Management Roles and Responsibilities database. 

Camira’s Induction Programme contains relevant information about the risk management responsibilities of new starters and all Camira employees are required to report potential risks and contribute to the risk management process when applicable.

5. Communication and Reporting
Camira considers communication with stakeholders as an integral and essential component of risk management. Effective two-way communication ensures informed decisions about risk levels and required treatments can be made using defined Risk Criteria. 

Camira’s internal communication and reporting mechanisms ensure that: 
• there are processes for consultation with internal stakeholders;
• key risk management components and updates are communicated;
• there is adequate internal reporting on the framework’s effectiveness and outcomes; and
• relevant information is available at appropriate levels and times. 

Camira identifies and communicates with appropriate external stakeholders by: 
• ensuring exchanges of information are effective; 
• reporting on legal, regulatory, and governance requirements; 
• providing feedback and consultation which builds confidence; and 
• communicating with stakeholders in the event of a crisis or contingency. 

These processes consolidate risk information from a variety of sources, and include control measures to protect sensitive information. Regular risk management reports are prepared and submitted to the senior management team and the Board of Directors to support corporate governance and the wider Risk Management Strategy.

6. Review of Policy
As we develop our approach to Risk Management this statement shall be periodically reviewed and updated. It applies to all subsidiaries of Camira Group Holdings Limited and has been signed by the Commercial Director, on behalf of the Board of Directors.


ANTHONY CROALL
Commercial Director 
Dated: January 2025